Today, IT managers have to fight their battles against complex threats on many fronts. While viruses, worms, and other damaging programs (malware) were top of the agenda just a short time ago, priorities have now changed. As a result of new technologies and the increasing pressure brought to bear by legal requirements relating to the protection of IT systems, the security of mobile solutions and identity management are now among the most important topics alongside protection against malware.
Secure data even beyond the firewall
Mobile access to the enterprise network accelerates and optimizes numerous business processes. However, it also gives rise to new security risks. For example, confidential data such as customer and personal data has largely been stored on notebooks in unencrypted form up to now. If a user takes a mobile computer to an appointment, the data leaves the protected space behind the firewall. If the notebook is lost or stolen, a serious security problem arises.
If customer data, design plans, company costings, or other equally sensitive information gets into the wrong hands, unauthorized persons can do a lot of damage with it. Enterprises have to expect a credit downgrading for the award of loans, liability risks, fines, or the refusal of the audit certificate by auditors if the theft of an unprotected notebook results in the infringement of legal regulations on data protection, for example. The loss of trust among customers and business partners when they discover that “their” data has found its way into the hands of an unknown party should not be underestimated either. An adverse effect on an enterprise’s image is inevitable.
In addition, uncontrolled access from a mobile device to the enterprise’s network is a gateway that can jeopardize an otherwise well-protected enterprise IT environment. The confidentiality of communication between the mobile device and the enterprise’s network can be ensured by means of a secure, encrypted connection. Combined with access protection for the notebook, this prevents unauthorized persons from gaining illegal access to an enterprise via the mobile device.
User friendliness promotes acceptance
However, many employees, and managers above all, are not prepared to get to grips with complicated technologies for protecting mobile data. Reductions in performance caused by security technologies are either rejected outright or accepted only with reluctance. IT security cannot win through against user resistance. These difficulties can be overcome with easy to integrate, user friendly security solutions that offer a high degree of protection without adversely affecting the performance of the mobile devices.
The increasing integration of third parties in the enterprise’s network also leads to security risks. The management of different digital identities is therefore critical. Enterprises need to achieve this task at reasonable cost and ensure reliable authentication of users. While a complete identity management suite is a good solution for large enterprises, it is not necessarily the answer for small and midsize companies, because of the administrative requirements and corresponding expense associated with it. For reasons of costs, it may make sense for these companies to use scaleable security solutions that can be adapted to increasing requirements.
No chance for attackers thanks to smartcards and tokens
The Smart Sign-On solution approach – the next generation of smart single sign-on technologies – is a good option for powerful and easy to use user authentication, even for small and midsize companies. The growing complexity of modern infrastructures and the security technologies implemented in them means that password-based approaches are becoming increasingly questionable, both from a cost and a security point of view. Globalization necessitates heterogeneous IT landscapes, which, together with the increasing mobility of many employees, places new demands on modern security architectures.
The introduction of an intelligent technology such as Smart Sign-On brings with it a combination of powerful 2-factor authentication (smartcards/tokens) and high ease of use and administration. This not only provides a higher level of security, it also promotes acceptance of the security solution on the part of the users. Another benefit is the multiple use of digital certificates in an integrated security environment. Alongside the scaleable architecture, IT administrators primarily value increased productivity combined with a lower total cost of ownership (TCO).
In addition, a photo, name, and company ID can be added to the card used to authenticate users. Multifunctional cards can also be used to record working hours and to store credit for the company canteen or data needed to access the company building, for example. For small and midsize enterprises, in particular, this additional potential for optimization is a positive side effect of a far higher level of security throughout the whole company.
As a result of the increasing complexity of system landscapes, the focus of IT security is shifting more and more towards convenience. Intelligent solutions that take account of user acceptance and administrator efficiency while offering a high level of security meet the demand for more performance at lower costs.